This course is in active development. Preview the scope below.
GCIP
The GCIP course teaches professionals how to interpret NERC CIP standards, identify BES cyber systems, design electronic security perimeters, and implement personnel, training, and physical security controls for bulk electric system compliance.
Who Should Take This
Mid‑level engineers, compliance analysts, and security managers who already work with bulk electric system assets and have at least two years of NERC CIP experience should take this exam. They aim to validate their ability to design, audit, and maintain comprehensive protection programs that meet regulatory expectations.
What's Covered
- Domain 1: NERC CIP Standards Overview
- Domain 2: BES Cyber System Identification
- Domain 3: Electronic Security Perimeters
- Domain 4: Personnel and Training Requirements
- Domain 5: Physical Security of BES Assets
- Domain 6: Incident Reporting and Recovery Plans
- Domain 7: Configuration Change Management and Vulnerability Assessment
Course Outline
67 learning goals
Domain 1: NERC CIP Standards Overview
3 topics
Regulatory Framework
- Describe the NERC organizational structure including the role of Regional Entities, the ERO Enterprise, FERC oversight, and the standards development and enforcement process.
- Identify the NERC CIP standard family from CIP-002 through CIP-014 including the purpose, applicability, and primary requirements of each standard.
- Describe the NERC CIP compliance monitoring and enforcement program including self-certification, spot checks, compliance audits, and violation severity levels.
- Identify the relationship between NERC Reliability Standards and CIP cybersecurity standards including how BES reliability obligations create the foundation for cybersecurity requirements.
Compliance Program Management
- Implement a NERC CIP internal compliance program including policy development, procedure documentation, evidence management, and internal audit scheduling.
- Configure evidence management systems to collect, organize, and retain compliance documentation meeting NERC CIP evidence retention requirements of at least three calendar years.
- Evaluate compliance program maturity by assessing evidence completeness, procedure alignment with standard requirements, and readiness for regulatory audit.
Security Management Controls (CIP-003)
- Describe CIP-003 requirements for cyber security policies including senior management approval, annual review, and the four required policy topic areas for high and medium impact BES Cyber Systems.
- Identify the CIP Senior Manager role requirements including designation documentation, delegation authority, and responsibilities for CIP compliance oversight.
- Implement CIP-003 policies for low impact BES Cyber Systems covering electronic access controls, physical access controls, cyber security awareness, and incident response.
- Evaluate the adequacy of CIP-003 security management controls by assessing policy coverage, CIP Senior Manager engagement, and delegation chain documentation.
Domain 2: BES Cyber System Identification
2 topics
Asset Classification
- Describe BES Cyber System categorization criteria under CIP-002 including high, medium, and low impact ratings based on bright-line criteria for generation, transmission, and control centers.
- Identify BES Cyber Asset qualification criteria including the 15-minute parameter for routable protocol connectivity and the real-time operations threshold for cyber asset classification.
- Describe the roles of Protected Cyber Assets, Electronic Access Control and Monitoring Systems, and Physical Access Control Systems in the BES Cyber System ecosystem.
- Apply CIP-002 bright-line criteria to classify BES Cyber Systems at generation facilities, transmission stations, and control centers using MW thresholds and connectivity requirements.
Inventory and Documentation
- Implement BES Cyber System inventory procedures documenting all associated BES Cyber Assets, Protected Cyber Assets, and their network connectivity for each identified system.
- Configure annual review and approval processes for BES Cyber System lists including CIP Senior Manager approval and documentation of changes in system categorization.
- Evaluate the accuracy and completeness of BES Cyber System categorization by testing classification decisions against bright-line criteria and identifying miscategorized assets.
Domain 3: Electronic Security Perimeters
3 topics
ESP Design and Management
- Describe Electronic Security Perimeter requirements under CIP-005 including all access points, inbound and outbound access permissions, and deny-by-default rule sets.
- Identify Electronic Access Points and their documentation requirements including firewall rules, access control lists, and permitted communication protocols for each ESP boundary.
- Implement Electronic Security Perimeter configurations using firewalls and access control lists that enforce deny-by-default and permit only documented necessary communications.
- Configure network architecture documentation including ESP boundary diagrams, Electronic Access Point inventories, and communication path matrices required for CIP-005 compliance evidence.
Interactive Remote Access
- Describe CIP-005 Interactive Remote Access requirements including intermediate system usage, encryption, and multi-factor authentication for all remote sessions to BES Cyber Systems.
- Implement compliant Interactive Remote Access solutions using intermediate systems that terminate encrypted sessions before granting access to BES Cyber Systems.
- Evaluate Interactive Remote Access implementations for CIP-005 compliance by verifying encryption standards, multi-factor authentication enforcement, and session logging completeness.
External Routable Connectivity
- Describe External Routable Connectivity requirements and the distinction between direct connectivity, dial-up connectivity, and non-routable protocol boundaries under CIP-005.
- Analyze network architectures to determine which BES Cyber Systems have External Routable Connectivity and whether ESP requirements apply based on protocol and connectivity analysis.
Domain 4: Personnel and Training Requirements
3 topics
Security Awareness and Training
- Describe CIP-004 security awareness program requirements including quarterly reinforcement, content covering cyber security policies, and documentation of participation.
- Identify CIP-004 cyber security training requirements including role-based training content, annual completion deadlines, and training prior to granting authorized electronic or physical access.
- Implement a cyber security training program covering CIP-004 required topics including electronic access controls, physical access controls, incident reporting, and handling of BES Cyber System information.
Personnel Risk Assessment
- Describe CIP-004 personnel risk assessment requirements including identity verification, seven-year criminal history checks, and assessment criteria for evaluating risk.
- Implement personnel risk assessment procedures including background check initiation, evaluation criteria documentation, and reassessment scheduling at seven-year intervals.
Access Management Lifecycle
- Describe CIP-004 access authorization requirements including documented authorization for electronic and physical access to BES Cyber Systems based on business need.
- Implement access revocation procedures meeting CIP-004 timelines including next calendar day revocation for terminations and 30 calendar day revocation for transfers.
- Configure quarterly access review processes to verify that all individuals with electronic and physical access to BES Cyber Systems have current authorization and valid business need.
- Evaluate access management program effectiveness by analyzing revocation timeliness, quarterly review completion rates, and evidence of unauthorized access prevention.
Domain 5: Physical Security of BES Assets
2 topics
Physical Security Plans (CIP-006)
- Describe CIP-006 Physical Security Plan requirements including Physical Security Perimeter definition, physical access control systems, monitoring, and logging of physical access.
- Identify Physical Security Perimeter requirements including six-wall boundary, access point controls, visitor management, and alarm monitoring for unauthorized physical access.
- Implement physical access control and monitoring systems for BES Cyber Systems including card readers, camera systems, alarm panels, and 90-day log retention.
- Configure visitor management procedures including continuous escort requirements, visitor logging, and visitor access revocation procedures compliant with CIP-006.
Transmission Station Security (CIP-014)
- Describe CIP-014 requirements for physical security of transmission stations and substations including risk assessment, third-party verification, and security plan development.
- Implement CIP-014 risk assessments for identified critical transmission stations evaluating threats from physical attack and the potential impact on Bulk Electric System reliability.
- Evaluate physical security plan adequacy for CIP-014 transmission stations by assessing threat mitigation measures, response procedures, and resiliency improvements.
Domain 6: Incident Reporting and Recovery Plans
2 topics
Incident Reporting (CIP-008)
- Describe CIP-008 Cyber Security Incident Response Plan requirements including reportable incident criteria, notification timelines, and plan testing obligations.
- Identify NERC reportable Cyber Security Incident criteria including compromise or disruption of BES Cyber Systems and the one-hour reporting timeline to the Electricity ISAC.
- Implement Cyber Security Incident Response Plans meeting CIP-008 requirements including incident classification, notification procedures, roles and responsibilities, and evidence retention.
- Configure annual incident response plan testing using tabletop exercises or operational drills that validate notification procedures and document lessons learned.
- Evaluate incident response plan effectiveness by analyzing exercise results, actual incident handling performance, and compliance with CIP-008 notification timelines.
Recovery Plans (CIP-009)
- Describe CIP-009 recovery plan requirements including conditions for activation, roles and responsibilities, backup and restoration procedures, and plan testing obligations.
- Implement BES Cyber System backup procedures meeting CIP-009 requirements including backup verification, secure storage, and documentation of information required for recovery.
- Configure recovery plan testing procedures including operational exercises, successful backup restoration verification, and documentation of test results and plan updates.
- Assess recovery plan adequacy by evaluating backup completeness, restoration time objectives, test success rates, and plan update frequency following changes to BES Cyber Systems.
Domain 7: Configuration Change Management and Vulnerability Assessment
4 topics
Change Management (CIP-010)
- Describe CIP-010 configuration change management requirements including baseline configuration documentation, change authorization, and post-change verification for BES Cyber Systems.
- Identify baseline configuration elements required by CIP-010 including operating system, firmware version, commercially available software, custom software, logical network accessible ports, and security patches.
- Implement configuration change management procedures for BES Cyber Systems including change requests, impact assessment, authorization workflow, testing, and baseline update documentation.
- Configure automated baseline monitoring to detect unauthorized changes to BES Cyber System configurations and generate alerts for deviations from documented baselines.
Vulnerability Assessment
- Describe CIP-010 vulnerability assessment requirements including 15-month assessment intervals, documented assessment methodology, and action plan development for identified vulnerabilities.
- Implement vulnerability assessment procedures for BES Cyber Systems including paper-based assessments, active scanning where appropriate, and documentation of findings and action plans.
- Configure security patch management processes meeting CIP-010 requirements including 35-day evaluation of applicable patches and documented mitigation plans for deferred patches.
- Evaluate vulnerability assessment program effectiveness by analyzing finding remediation rates, patch currency, and assessment coverage across all BES Cyber System impact categories.
Information Protection (CIP-011)
- Describe CIP-011 BES Cyber System Information protection requirements including identification, handling procedures, storage controls, and transit protections.
- Implement BES Cyber System Information handling procedures including labeling, access restrictions, secure storage, and media sanitization before disposal or reuse.
- Assess information protection program compliance by verifying that BES Cyber System Information is identified, appropriately protected, and sanitized from media before release or disposal.
System Security Management (CIP-007)
- Describe CIP-007 requirements for system security management including port and service management, security event monitoring, system access controls, and malicious code prevention.
- Implement CIP-007 logical port and service management by documenting enabled ports, disabling unnecessary services, and protecting against unauthorized network access on BES Cyber Assets.
- Configure security event monitoring for BES Cyber Systems generating alerts for authentication failures, unauthorized access attempts, and detected malicious code events.
- Assess CIP-007 system security management compliance by reviewing port justifications, security event log completeness, password policy enforcement, and malware prevention coverage.
Scope
Included Topics
- All domains in the GIAC Critical Infrastructure Protection (GCIP) certification aligned to SANS ICS456: NERC CIP standards overview, BES Cyber System identification, Electronic Security Perimeters, personnel and training requirements, physical security of BES assets, incident reporting and recovery plans, and configuration change management.
- NERC CIP Standards CIP-002 through CIP-014 including BES Cyber System categorization, security management controls, personnel and training, electronic security perimeters, physical security, system security management, incident reporting, recovery plans, configuration change management, information protection, and physical security of transmission stations.
- BES Cyber System and BES Cyber Asset identification methodologies including impact rating criteria (high, medium, low), bright-line criteria, and the relationship between BES Reliability Standards and CIP cybersecurity standards.
- Electronic Security Perimeter design and management including access points, Interactive Remote Access, external routable connectivity, and dial-up connectivity requirements under CIP-005.
- Personnel and training programs under CIP-004 including personnel risk assessment, security awareness training, access management lifecycle, and access revocation procedures.
- Incident reporting under CIP-008, recovery planning under CIP-009, configuration change management under CIP-010, and information protection under CIP-011.
Not Covered
- Non-NERC regulatory frameworks such as NIST, IEC 62443, and TSA Pipeline Security Directives except where they complement NERC CIP understanding.
- Bulk Electric System reliability standards not directly related to cybersecurity (e.g., transmission planning, voltage regulation, frequency response).
- Vendor-specific security product configurations and proprietary ICS security tooling.
- Advanced penetration testing, exploit development, and offensive security techniques.
- Cloud security, DevSecOps, and modern software development security practices outside of NERC CIP scope.
Official Exam Page
Learn more at GIAC Certifications